CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

[feat] Add so-monitor-add script

Browse Source
This commit is contained in:
William Wernert
2021-01-04 13:35:14 -05:00
parent f8c7413b15
commit 9d674d6d3a
4 changed files with 76 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
salt/common/tools/sbin/so-common
View File

@@ -21,6 +21,53 @@ if [ "$(id -u)" -ne 0 ]; then
exit 1 exit 1
fi fi
add_interface_bond0() {
local BNIC=$1
if [[ -z $MTU ]]; then
local MTU
MTU=$(lookup_pillar "mtu" "sensor")
fi
local nic_error=0
# Check if specific offload features are able to be disabled
for string in "generic-segmentation-offload" "generic-receive-offload" "tcp-segmentation-offload"; do
if ethtool -k "$BNIC" | grep $string | grep -q "on [fixed]"; then
echo "The hardware or driver for interface ${BNIC} is not supported, packet capture may not work as expected."
((nic_error++))
break
fi
done
for i in rx tx sg tso ufo gso gro lro; do
ethtool -K "$BNIC" $i off
done
# Check if the bond slave connection has already been created
nmcli -f name,uuid -p con | grep -q "bond0-slave-$BNIC"
local found_int=$?
if [[ $found_int != 0 ]]; then
# Create the slave interface and assign it to the bond
nmcli con add type ethernet ifname "$BNIC" con-name "bond0-slave-$BNIC" master bond0 -- \
ethernet.mtu "$MTU" \
connection.autoconnect "yes"
else
local int_uuid
int_uuid=$(nmcli -f name,uuid -p con | sed -n "s/bond0-slave-$BNIC //p" | tr -d ' ')
nmcli con mod "$int_uuid" \
ethernet.mtu "$MTU" \
connection.autoconnect "yes"
fi
ip link set dev "$BNIC" arp off multicast off allmulticast off promisc on
nmcli con up "bond0-slave-$BNIC" # Bring the slave interface up
if [ "$nic_error" != 0 ]; then
return "$nic_error"
fi
}
# Define a banner to separate sections # Define a banner to separate sections
banner="=========================================================================" banner="========================================================================="

7
salt/common/tools/sbin/so-monitor-add Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
. /usr/sbin/so-common
set -e
add_interface_bond0 "$1"

69
setup/so-functions
View File

@@ -572,31 +572,27 @@ compare_versions() {
configure_network_sensor() { configure_network_sensor() {
echo "Setting up sensor interface" >> "$setup_log" 2>&1 echo "Setting up sensor interface" >> "$setup_log" 2>&1
local nic_error=0
# Set the MTU
if [[ $NSMSETUP != 'ADVANCED' ]]; then
if [[ $is_cloud ]]; then MTU=1575; else MTU=1500; fi
fi
if [[ $is_cloud ]]; then if [[ $is_cloud ]]; then
INTERFACE=${BNICS[0]} INTERFACE=${BNICS[0]}
local nmcli_con_arg="type ethernet" local nmcli_con_args=( "type" "ethernet" )
else else
INTERFACE='bond0' INTERFACE='bond0'
local nmcli_con_arg="type bond mode 0" local nmcli_con_args=( "type" "bond" "mode" "0" )
fi fi
# Create the bond interface only if it doesn't already exist local MTU
MTU=$(lookup_pillar "mtu" "sensor")
# Create the bond interface only if it doesn't already exist
nmcli -f name,uuid -p con | grep -q "$INTERFACE" >> "$setup_log" 2>&1 nmcli -f name,uuid -p con | grep -q "$INTERFACE" >> "$setup_log" 2>&1
local found_int=$? local found_int=$?
if [[ $found_int != 0 ]]; then if [[ $found_int != 0 ]]; then
nmcli con add ifname "$INTERFACE" con-name "$INTERFACE" $nmcli_con_arg -- \ nmcli con add ifname "$INTERFACE" con-name "$INTERFACE" "${nmcli_con_args[@]}" -- \
ipv4.method disabled \ ipv4.method disabled \
ipv6.method ignore \ ipv6.method ignore \
ethernet.mtu $MTU \ ethernet.mtu "$MTU" \
connection.autoconnect "yes" >> "$setup_log" 2>&1 connection.autoconnect "yes" >> "$setup_log" 2>&1
else else
local int_uuid local int_uuid
@@ -605,53 +601,14 @@ configure_network_sensor() {
nmcli con mod "$int_uuid" \ nmcli con mod "$int_uuid" \
ipv4.method disabled \ ipv4.method disabled \
ipv6.method ignore \ ipv6.method ignore \
ethernet.mtu $MTU \ ethernet.mtu "$MTU" \
connection.autoconnect "yes" >> "$setup_log" 2>&1 connection.autoconnect "yes" >> "$setup_log" 2>&1
fi fi
for BNIC in "${BNICS[@]}"; do for BNIC in "${BNICS[@]}"; do
# Check if specific offload features are able to be disabled add_interface_bond0 "$BNIC" >> "$setup_log" 2>&1
for string in "generic-segmentation-offload" "generic-receive-offload" "tcp-segmentation-offload"; do return $?
if ethtool -k "$BNIC" | grep $string | grep -q "on [fixed]"; then
echo "The hardware or driver for interface ${BNIC} is not supported, packet capture may not work as expected." >> "$setup_log" 2>&1
nic_error=1
break
fi
done done
# Turn off various offloading settings for the interface
for i in rx tx sg tso ufo gso gro lro; do
ethtool -K "$BNIC" $i off >> "$setup_log" 2>&1
done
if [[ $is_cloud ]]; then
nmcli con up "$BNIC" >> "$setup_log" 2>&1
else
# Check if the bond slave connection has already been created
nmcli -f name,uuid -p con | grep -q "bond0-slave-$BNIC" >> "$setup_log" 2>&1
local found_int=$?
if [[ $found_int != 0 ]]; then
# Create the slave interface and assign it to the bond
nmcli con add type ethernet ifname "$BNIC" con-name "bond0-slave-$BNIC" master bond0 -- \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> "$setup_log" 2>&1
else
local int_uuid
int_uuid=$(nmcli -f name,uuid -p con | sed -n "s/bond0-slave-$BNIC //p" | tr -d ' ')
nmcli con mod "$int_uuid" \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> "$setup_log" 2>&1
fi
nmcli con up "bond0-slave-$BNIC" >> "$setup_log" 2>&1 # Bring the slave interface up
fi
done
if [ $nic_error != 0 ]; then
return 1
fi
} }
copy_salt_master_config() { copy_salt_master_config() {
@@ -1980,6 +1937,11 @@ sensor_pillar() {
local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
# Set the MTU
if [[ $NSMSETUP != 'ADVANCED' ]]; then
if [[ $is_cloud ]]; then MTU=1575; else MTU=1500; fi
fi
# Create the sensor pillar # Create the sensor pillar
printf '%s\n'\ printf '%s\n'\
"sensor:"\ "sensor:"\
@@ -2012,6 +1974,7 @@ sensor_pillar() {
if [ "$HNSENSOR" != 'inherit' ]; then if [ "$HNSENSOR" != 'inherit' ]; then
echo " hnsensor: $HNSENSOR" >> "$pillar_file" echo " hnsensor: $HNSENSOR" >> "$pillar_file"
fi fi
} }
set_default_log_size() { set_default_log_size() {

12
setup/so-setup
View File

@@ -559,19 +559,19 @@ set_redirect >> $setup_log 2>&1
set_progress_str 2 'Updating packages' set_progress_str 2 'Updating packages'
update_packages >> $setup_log 2>&1 update_packages >> $setup_log 2>&1
if [[ $is_sensor || $is_helix ]]; then
set_progress_str 3 'Configuring sensor interface'
configure_network_sensor >> $setup_log 2>&1
fi
if [[ $is_sensor || $is_helix || $is_import ]]; then if [[ $is_sensor || $is_helix || $is_import ]]; then
set_progress_str 4 'Generating sensor pillar' set_progress_str 3 'Generating sensor pillar'
sensor_pillar >> $setup_log 2>&1 sensor_pillar >> $setup_log 2>&1
if [[ $is_sensor || $is_helix ]]; then if [[ $is_sensor || $is_helix ]]; then
steno_pillar >> $setup_log steno_pillar >> $setup_log
fi fi
fi fi
if [[ $is_sensor || $is_helix ]]; then
set_progress_str 4 'Configuring sensor interface'
configure_network_sensor >> $setup_log 2>&1
fi
set_progress_str 5 'Installing Salt and dependencies' set_progress_str 5 'Installing Salt and dependencies'
saltify 2>> $setup_log saltify 2>> $setup_log